canva-incident-runbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). SKILL.md explicitly instructs fetching and checking public third‑party sources — e.g., "Check Canva developer community for reported outages" and checking Canva status pages and API responses in the Quick Triage/5xx sections — which requires the agent to read untrusted, user-generated/public web content as part of its incident-decision workflow.